Is it safe to install a "companion app" with a Firefox extension?

Good morning,

This is the most popular Firefox extension for downloading videos from websites by FAR as it has 1.9 MILLION users: Video DownloadHelper – Get this Extension for 🦊 Firefox (en-GB)

I’ve installed it and I paid for the premium version however, when I try to download videos from websites I’m told: This operation requires an external application to be completed and that I need to install this “companion app”.

This worries me a great deal as I’ve got no idea what the companion app does! :cry:

I’m still researching this so I’d appreciate any advice!

Thank you for reading my question.

1 Like

please, try https://cobalt.tools.

Generally, unless the app and extension were audited, you cannot know as a “normal” person.

4 Likes

Can you provide a screenshot? That sounds like a malicious ad.

But like @TGRush said, there are easier/free tools especially like yt-dlp (which supports hundreds of websites and has generic fallbacks).

5 Likes

This worries me as well.

This companion app will let you download a video that streams from a lot of segment files.

I don’t install it. But if I need this (can’t find any other way to get the video), I would probably install the whole Firefox, the extension, and the companion app in a container, using Distrobox for example.

EDIT: You might want to try Parabolic.

2 Likes

containers like DistroBox are NOT a security mechanism and provide full access to all host files.

2 Likes

I appreciate your replies!

I figured that installing a Firefox extension that has 1.9million users and is also recommended by Mozilla that it would be the safest tool to use to save videos from websites so I was shocked to see this request to “Install a companion App”

I do not consider Mozilla to usually act maliciously, so my guess is that the extension must’ve been less invasive in the past and hasn’t been re-reviewed since. But that is a guess, not fact.

2 Likes

I have checked the extensions homepage, the following is their explanation as to why an external application may be required for some websites:

Video DownloadHelper is a browser extension software. As such, it relies on an interface provided by the browser (API) to its extensions to do the job. Chrome and Firefox (>=57) provide exclusively an API called WebExtensions that do not include a number of things required by Video DownloadHelper to do all the tasks. In particular, WebExtensions has no real support for writing files properly. After many discussions with Mozilla (the Firefox editors) engineers, it appeared that the only solution for providing the service was to install an external application aside of the browser.

Fortunately, WebExtension provides the ability to launch a specific application and communicate with it, it’s called Native messaging. This is a secure interface that ensures no other extension can take advantage of the coapp for performing any malicious activity.

So we developped a specific native application we called Video DownloadHelper Companion Application, or coapp. To ensure this application could be trusted by everyone, we released this application in open-source, i.e the program code can be read by anyone to check it is harmless. The source code of the coapp is available here.

1 Like

I appreciate your reply!

It just seems so shocking for an extension to require a “companion app”… I thought I had found a safe way to save videos from websites but this companion app makes me nervous… :cry: :cry: :cry: :cry:

Afaik this extension is legit. Just wondering why you would use it when there are decent alternatives that are just all-around simpler than an extension. In the end, whether browser extension or standard app, you should only use it if you trust it. So I don’t see the difference. Either you trust the developer, then yes you can use their extension and app, or you don’t, then you should use neither.

1 Like

I appreciate your reply!

That’s why I wanted to post this question here: So the security experts of this community can verify if it’s secure or not? :frowning_face: :frowning_face: :frowning_face: :frowning_face:

I just found this link and it seems to explain more about this “companion app”

I think it’ll be helpful to people here: GitHub - aclap-dev/vdhcoapp: Companion application for Video DownloadHelper browser add-on

Just here to recommend looking into yt-dlp as an alternative (GitHub - yt-dlp/yt-dlp: A youtube-dl fork with additional features and fixes). If using a cli is too intimidating, you can also use the gui version (GitHub - dsymbol/yt-dlp-gui: A cross-platform GUI wrapper for yt-dlp written in PySide6).

Despite the name, yt-dlp works on any site. Just something to check out.

1 Like

Alış, you can add ss like www.ssyoutube.com to save videos without an extension. Probably that app and extension may be safe, but I take Mozilla’s suggestion as the main criteria.

There are removed apps from Google play which have millions of downloads. So many times.